Release Notes 2018-08-10

Security Enhancements

We have implemented several security enhancements with our latest release. These changes are related to new password requirements for password strength criteria, account management, form notification links and scales session.

Automatically Lock Accounts of Inactive Users

Any users that have not been active (haven’t logged in) on your platform for a period of 365 days will automatically be locked out and will not be able to log in.

For any users on your platform that have been locked out, as a System Administrator, please see this article for instructions on how to reactivate locked accounts (or to manually lock accounts).

NOTE:

An athlete with a locked account can still receive form notifications and will still be listed for member selection in the platform for reporting, training programs and for assigning and scheduling forms, the athlete is just unable to log in to the platform or the mobile app until a system administrator unlocks the account.

If a System Administrator account has been locked, and only one System Administrator account exists for a site, your CSM is required to unlock the System Administrator user account.

A user with a locked account will be notified with the following message when they attempt to login to the platform:

New Password Requirements

We have updated our password requirements. The next time that you change or forget your password, your new password will need to adhere to the following requirements:

Minimum 8 characters

Minimum 1 uppercase character

Minimum 1 lowercase character

Minimum 1 numeric character

Minimum 1 special character

Note: Accepted special characters: ~`!@#$%^&*-_+=(){}[]|\/:;,.?"\'<>

User feedback is provided during password creation for corrective action for passwords that don’t meet the strength criteria.

Security Updates with Form Notification Links

Links to forms in a form notification will expire 24 hours after the link has been sent. Also, a link to a form will expire once a user has already submitted a form.

The following scenarios will also generate an invalid link:

A user account has been deactivated

The form for the link has been deactivated

Changes to Scales Session

Within an active scales session, if a user attempts to navigate to other areas of the platform through the URL, using the back button or opening a new tab or window, they will be redirected to the login page. The only way to successfully navigate away from an active scales session is for the user that started the session to enter their password after clicking Exit Weigh-In.